Since 2005 successive Home Secretaries have authorised the collection of vast amounts of telecommunications data, documents reveal.
By Chris Vallance, World at One
The documents also show that MI5 secretly collected large amounts of “anonymised” financial data.
Campaign group Privacy International said the documents show “the staggering extent of UK government surveillance”.
The Home Office said the data acquisition had “been essential to the security and intelligence agencies”.
It added that the data had provided “vital and unique intelligence”.
The disclosure of the documents was made to Privacy International as it prepares for an Investigatory Powers Tribunal hearing in July.
The tribunal handles complaints against UK intelligence agencies MI5, MI6 and GCHQ.
The campaign group is challenging the agencies use and acquisition of “bulk personal datasets” – very large amounts of personal data collected from public and private organisations.
The Home Office has repeatedly refused to list the datasets the agencies hold, but the documents show the agencies could request a range of sensitive information, including medical information, financial information, and information about telephone and internet communications.
The documents reveal that among other things this data is vital in identifying “foreign fighters”, possibly a reference to jihadists involved in the conflict in Syria and Iraq.
Privacy International said: “The intelligence agencies have secretly given themselves access to potentially any and all recorded information about us”.
But the Home Office told the BBC: “The acquisition and use of bulk [data] provides vital and unique intelligence”, adding: “The security and intelligence agencies use the same techniques that modern businesses increasingly rely on to analyse data in order to overcome the most significant national security challenges”.
In several documents the risk that the public might become aware of the powers is discussed.
An MI5 policy issued in 2010 says the agency’s access to “anonymised” financial data would be against “public expectations”.
It says that if the data is revealed the media response could be “unfavourable and probably inaccurate”.
David Davis MP, a former Conservative Shadow Home Secretary, told the BBC: “It’s clear the agencies and the government have been keeping information secret about what they’ve been doing not just for security reasons, as is normally claimed, but to avoid both embarrassment and public opposition.”
Every six months since 21 July 2005, Home Secretaries have authorised MI5 to collect in a database, information from communication network providers, the documents reveal.
This could include telephone data and internet data. It does not include the content of communications.
The documents say the data is anonymous as it does not contain “subscriber information”, but privacy campaigners argue it would be possible work out the identity of an individual from the data.
MI5 says the data is deleted every 12 months. In the documents the data is said to be of “significant security value.”
The data is obtained under Section 94 of the Telecommunications Act 1984. The government’s independent reviewer of terrorism legislation, David Anderson QC, has previously told the BBC the legislation was “so vague that anything could be done under it”.
But requests to use the database, the documents say, require a separate authorisation under the Regulation of Investigatory Powers Act.
The documents set out detailed procedures required to authorise the collection and use of the data.
But they reveal that misuse has occurred.
One document produced by MI6 gives examples of “individual users crossing the line” for example, “looking up addresses in order to send birthday cards” and “checking details of family members for personal reasons”
The revelations will add to the controversy surrounding the Investigatory Powers Bill currently working its way through parliament.
Millie Graham Wood of Privacy International said: “The agencies have been doing this for 15 years in secret and are now quietly trying to put these powers on the statute book for the first time.”
But the Home Office said the new law is necessary and will strengthen safeguards, telling the BBC that the Bill “will also establish the Investigatory Powers Commissioner who will keep under review the use of bulk personal datasets by the intelligence agencies.”
That is currently done by the Intelligence Services Commissioner, who confirmed in his 2014 report that “the case for holding BPD has been established in each service” and “agencies all have strict procedures in place in relation to handling, retention and deletion.”